GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-27 14:19:59
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0006
Running: jovlvhxz.exe; Driver: C:\Users\Kika\AppData\Local\Temp\pxldipow.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x8F935AC6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x8F936298]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x8F9366C0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x8F93A48C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x8F93598C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSymbolicLinkObject [0x8F93776E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x8F93603C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x8F9371A0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x8F936492]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x8F937BB0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x8F936344]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x8F937232]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x8F93A2D0]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x8F935CF6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x8F937798]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x8F935BF8]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x8F9374C6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplaceKey [0x8F934E5C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x8F937026]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRestoreKey [0x8F934FBE]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x8F937A84]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSaveKey [0x8F934C5E]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x8F936582]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x8F93613C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x8F93732C]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x8F9377C2]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x8F9378A6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x8F937962]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x8F9370CC]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x8F935E90]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x8F935DE6]
SSDT  \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x8F935F70]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  836463C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  8367FD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10D7  83686D8C 4 Bytes  [C6, 5A, 93, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 116F  83686E24 4 Bytes  [98, 62, 93, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1193  83686E48 4 Bytes  [C0, 66, 93, 8F] {SHL BYTE [ESI-0x6d], 0x8f}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11AF  83686E64 4 Bytes  [8C, A4, 93, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11D3  83686E88 4 Bytes  [8C, 59, 93, 8F]
.text  ...
?      C:\windows\System32\Drivers\SafeBoot.sys  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text  C:\windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91205000, 0x2BE63E, 0xE8000020]
PAGE   peauth.sys  A34F1BEC 111 Bytes  [10, E9, 65, 93, D0, 87, FC, ...]
?      C:\Users\Kika\AppData\Local\Temp\pxldipow.sys  Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

?      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] C:\windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] USER32.dll!NotifyWinEvent + 6AE  76ABD66C 4 Bytes  [50, 12, 4A, 6D] {PUSH EAX; ADC CL, [EDX+0x6d]}
?      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] C:\windows\system32\kernel32.dll  time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] USER32.dll!NotifyWinEvent + 6AE  76ABD66C 4 Bytes  [50, 12, 4A, 6D] {PUSH EAX; ADC CL, [EDX+0x6d]}

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  00550B70
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]  00550BE0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]  00550C50
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]  00550CC0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00550D30
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]  00550DA0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]  00550E10
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]  00550E80
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00550EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]  00550F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]  76EB0780
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]  76EB07F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]  76EB0860
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]  76EB0EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]  76EB0F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]  00560010
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]  00560080
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]  005600F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]  00560160
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA]  005601D0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00560240
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]  00560C50
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]  00560CC0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]  00560D30
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]  00560DA0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]  00560E10
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]  00560E80
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]  00560EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]  00560F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]  01160010
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]  01160080
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  011600F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]  01160470
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]  011604E0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  76EB0470
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]  76EB01D0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]  76EB0320
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]  76EB02B0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]  76EB0240
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]  76EB00F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]  76EB0390
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  76EB0470
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]  76EB0320
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]  76EB0240
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary]  76EB00F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW]  76EB01D0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA]  76EB0160
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA]  76EB02B0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]  76EB00F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[2392] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  76EB0470
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [742124CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [741F562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [741F56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]  [74212546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [742085AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [74204D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [74205105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [742051DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74206707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [74208301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [74208850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [742090B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7420E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\windows\Explorer.EXE[5036] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [74204C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  00370B70
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]  00370BE0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]  00370C50
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]  00370CC0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00370D30
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary]  00370DA0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]  00370E10
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]  00370E80
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00370EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]  00370F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]  76EB0780
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]  76EB07F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]  76EB0860
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]  76EB0EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]  76EB0F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]  00380010
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]  00380080
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]  003800F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]  00380160
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA]  003801D0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00380240
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]  00380C50
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]  00380CC0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]  00380D30
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]  00380DA0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]  00380E10
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]  00380E80
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]  00380EF0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]  00380F60
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]  00390010
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]  00390080
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  003900F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]  00390470
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]  003904E0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]  76EB0390
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  76EB0470
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]  76EB0320
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]  76EB0240
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary]  76EB00F0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW]  76EB01D0
IAT  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe[5476] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA]  76EB0160

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device  \Driver\ACPI_HAL \Device\00000086  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp  mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind  \Device\{F02072E8-2AAD-4109-9AE3-D3BA0ECAA4B5}?\Device\{40F0A4A0-6596-48F8-8DA3-C3C1D50425C3}?\Device\{9CBBE917-EB0E-41D9-A235-480F853AE710}?\Device\{B696CC4A-2F6E-44AB-A553-1C23D3CC8859}?\Device\{A9F47F9D-541A-4F76-BA9D-3CBF2F9DF2F9}?\Device\{D2323B51-DF5C-4232-8A26-77E6AAB30544}?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route  "{F02072E8-2AAD-4109-9AE3-D3BA0ECAA4B5}"?"{40F0A4A0-6596-48F8-8DA3-C3C1D50425C3}"?"{9CBBE917-EB0E-41D9-A235-480F853AE710}"?"{B696CC4A-2F6E-44AB-A553-1C23D3CC8859}"?"{A9F47F9D-541A-4F76-BA9D-3CBF2F9DF2F9}"?"{D2323B51-DF5C-4232-8A26-77E6AAB30544}"?
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  \Device\TCPIP6TUNNEL_{F02072E8-2AAD-4109-9AE3-D3BA0ECAA4B5}?\Device\TCPIP6TUNNEL_{40F0A4A0-6596-48F8-8DA3-C3C1D50425C3}?\Device\TCPIP6TUNNEL_{9CBBE917-EB0E-41D9-A235-480F853AE710}?\Device\TCPIP6TUNNEL_{B696CC4A-2F6E-44AB-A553-1C23D3CC8859}?\Device\TCPIP6TUNNEL_{A9F47F9D-541A-4F76-BA9D-3CBF2F9DF2F9}?\Device\TCPIP6TUNNEL_{D2323B51-DF5C-4232-8A26-77E6AAB30544}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713741b26
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713741b26@001b593e75d5  0xBB 0xCD 0x6B 0x59 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713741b26@d48890e9ebaa  0x65 0x06 0x1D 0x1D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ
Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@EventMessageFile  c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@TypesSupported  7
Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@CategoryMessageFile  c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@CategoryCount  3
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{40F0A4A0-6596-48F8-8DA3-C3C1D50425C3}@InterfaceName  isatap.{CDF67BE7-E5B0-449B-BFA2-9A556624DE85}
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{40F0A4A0-6596-48F8-8DA3-C3C1D50425C3}@ReusableType  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9CBBE917-EB0E-41D9-A235-480F853AE710}@InterfaceName  isatap.{659CCA53-39DD-418A-A090-194747DD919B}
Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9CBBE917-EB0E-41D9-A235-480F853AE710}@ReusableType  0
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713741b26 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713741b26@001b593e75d5  0xBB 0xCD 0x6B 0x59 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713741b26@d48890e9ebaa  0x65 0x06 0x1D 0x1D ...
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@EventMessageFile  c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@TypesSupported  7
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@CategoryMessageFile  c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Àv";Ç‹×w‹Ð‹E‹NƒÀ…Òv f‹f‰@@AAJuó‹^j‹Îè§ýÿÿ‹EƒÀ‰F€`ÿ@CategoryCount  3

---- EOF - GMER 1.0.15 ----